<?php

session_start();
include("load-settings.php");

if(!isset($_SESSION['user']))
	header("Location: login.php");

$user = mysql_real_escape_string($_SESSION['user']);
$result = mysql_query("SELECT * FROM user WHERE id = $user") or die(mysql_error());
$row = mysql_fetch_array($result);

if($row['type'] != 2 && $row['type'] != 3)
	header("Location: home.php");

$summoner = mysql_real_escape_string($_POST['summoner']);

$id = mysql_real_escape_string($_POST['id']);
$buyer = mysql_real_escape_string($_POST['buyer']);
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$region = mysql_real_escape_string($_POST['region']);

mysql_query("UPDATE leveling_order SET username = '$username', password = '$password', summoner = '$summoner', region = '$region', user = $buyer WHERE id = $id") or die(mysql_error());

header("Location: leveling_panel.php");

?>